Bilili-downloader
Security checks across malware telemetry and agentic risk
Overview
This appears to be a straightforward Bilibili video downloader that uses yt-dlp on a user-provided URL and saves media locally.
Install this only if you want an agent to download Bilibili media through yt-dlp. Confirm the URL, format, and whether playlist batch mode is intended before running it, expect files to be created in the current working directory, and avoid providing Bilibili cookies unless you deliberately need account-gated content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.